OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, while also acting as a portable password manager.[1]

OnlyKey
Design firmCryptoTrust
ColorBlack (changeable sleeve)

Overview

edit

OnlyKey is notable for its physical keypad, which allows users to enter a PIN code directly on the device.[2] After 10 failed attempts to unlock, all data is erased.[2] The device also features a data-destruction code that the user can key in.[3][4] The device can store passwords, usernames, URLs, and one-time password (OTP) accounts, which can be used for online/offline access.[2][4]

Features

edit
  • Password management: OnlyKey can store and manage up to 24 passwords, usernames, URLs, and one-time password (OTP) accounts on the device itself.
  • Two-factor authentication (2FA): OnlyKey supports various 2FA protocols including FIDO2 WebAuthn, FIDO U2F, TOTP, Yubico OTP, and Challenge-response.[5][4] When logging in to a configured website or service, besides entering the username and password, the user also physically confirms the login attempt by pressing a button.
  • Security and Durability: OnlyKey is open source[2] and has upgradable firmware. [4]
  • Set up Apps: The device can be used via a cross-platform desktop app, as well as other desktop apps on macOS, Windows, and Linux (.deb)[6]

Disadvantages

edit
  • Cost: Compared to software-based password managers, OnlyKey requires an upfront purchase for the hardware device itself.
  • Learning Curve: Setting up and using OnlyKey may require familiarization with its features and functionalities compared to typical password management solutions. Complex setup process compared to security keys like YubiKey.[3][4]
  • Physical Loss: Losing the OnlyKey device can potentially lock the user out of their accounts if no backup is created. Unlike other security keys, OnlyKey has a secure backup feature to solve this issue.
  • Limited OTP Functionality: The absence of both an on-board clock and non-volatile memory necessitates the OnlyKey App to be running for Time-based One-Time Password (TOTP) generation. Although there are some exceptions when the hardware key is continuously powered.[5]

References

edit
  1. ^ W., Tyler (2021-07-25). "OnlyKey is not the Only Key". Cyberwise. Archived from the original on 2023-12-08. Retrieved 2024-04-03.
  2. ^ a b c d Wazir, Saeed (2023-12-18). "Best security keys: Secure your laptops, smartphones and apps from hackers". Pocket-lint. Archived from the original on 2024-03-29. Retrieved 2024-04-03.
  3. ^ a b Kingsley-Hughes, Adrian (2021-02-10). "OnlyKey: The ultimate security key for professionals". ZDNET. Archived from the original on 2024-03-24. Retrieved 2024-04-03.
  4. ^ a b c d e Loeffler, John (2023-01-13). "The best security key in 2024: hardware keys for top online protection". TechRadar. Archived from the original on 2024-03-29. Retrieved 2024-04-03.
  5. ^ a b "Blog: OnlyKey Thoughts". It's Chris Approved. Archived from the original on 2023-06-28. Retrieved 2024-04-03.
  6. ^ Mens, Jan-Piet (2019-08-26). "Testing an OnlyKey hardware password manager". Jan-Piet Mens. Archived from the original on 2023-09-25. Retrieved 2024-04-03.